Abstract

A zero-knowledge proof allows a prover to convince a verifier of an assertion without revealing any further information beyond the fact that the assertion is true. Secure multiparty computation allows n mutually suspicious players to jointly compute a function of their local inputs without revealing to any t corrupted players additional information beyond the output of the function. We present a new general connection between these two fundamental notions. Specifically, we present a general construction of a zero-knowledge proof for an NP relation $R(x,w)$, which makes only a black-box use of any secure protocol for a related multiparty functionality f. The latter protocol is required only to be secure against a small number of “honest but curious” players. We also present a variant of the basic construction that can leverage security against a large number of malicious players to obtain better efficiency.

As an application, one can translate previous results on the efficiency of secure multiparty computation to the domain of zero-knowledge, improving over previous constructions of efficient zero-knowledge proofs. In particular, if verifying R on a witness of length m can be done by a circuit C of size s, and assuming that one-way functions exist, we get the following types of zero-knowledge proof protocols:

  1. Approaching the witness length. If C has constant depth over $\wedge,\vee,\oplus,\neg$ gates of unbounded fan-in, we get a zero-knowledge proof protocol with communication complexity $m\cdot\mathrm{poly}(k)\cdot\mathrm{polylog}(s)$, where k is a security parameter.
  2. “Constant-rate” zero-knowledge. For an arbitrary circuit C of size s and a bounded fan-in, we get a zero-knowledge protocol with communication complexity $O(s)+\mathrm{poly}(k,\log s)$. Thus, for large circuits, the ratio between the communication complexity and the circuit size approaches a constant. This improves over the $O(ks)$ complexity of the best previous protocols.
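The connection the abstract describes, as an added illustration that is not code from the paper: the prover XOR-shares the witness w among n = 3 virtual players, emulates "in its head" a 3-player protocol for f(x, w_1, w_2, w_3) = R(x, w_1 ⊕ w_2 ⊕ w_3) that is private against t = 2 honest-but-curious players, and commits to each player's view; the verifier opens two views, checks that they are mutually consistent, and checks that the output shares reconstruct to 1. The toy circuit, the particular 3-player AND rule and the hash commitment are assumptions made here, not the paper's choices.

```python
import hashlib
import secrets

# Constructed toy relation: R(x, w) holds iff this GF(2) circuit outputs 1 on the
# witness bits w (the public x is baked into the gate list). Gate (op, a, b) reads
# earlier wires a and b; the witness bits occupy wires 0..N_W-1.
N_W = 4
CIRCUIT = [("and", 0, 1), ("xor", 2, 3), ("and", 4, 5)]  # (w0 & w1) & (w2 ^ w3)

def gate_share(g, wires, rand, nbr_wires, nbr_rand):
    """Player i's share of gate g: XOR is local; AND also uses player i+1's shares."""
    op, a, b = CIRCUIT[g]
    if op == "xor":
        return wires[a] ^ wires[b]
    return ((wires[a] & wires[b]) ^ (nbr_wires[a] & wires[b])
            ^ (wires[a] & nbr_wires[b]) ^ rand[g] ^ nbr_rand[g])

def commit(view, r):  # assumed hash commitment to one player's view
    return hashlib.sha256(r + repr(view).encode()).digest()

def prover_commit(w):
    """XOR-share w among 3 virtual players, run the protocol 'in the head', commit."""
    inp = [[secrets.randbits(1) for _ in range(N_W)] for _ in range(2)]
    inp.append([w[k] ^ inp[0][k] ^ inp[1][k] for k in range(N_W)])
    rand = [[secrets.randbits(1) for _ in CIRCUIT] for _ in range(3)]
    wires = [list(v) for v in inp]
    for g in range(len(CIRCUIT)):
        new = [gate_share(g, wires[i], rand[i], wires[(i + 1) % 3], rand[(i + 1) % 3]) for i in range(3)]
        for i in range(3): wires[i].append(new[i])
    views = [(rand[i], wires[i]) for i in range(3)]  # view = own random bits + wire shares
    rs = [secrets.token_bytes(16) for _ in range(3)]
    outputs = [wires[i][-1] for i in range(3)]  # output shares are sent in the clear
    return (views, rs), [commit(v, r) for v, r in zip(views, rs)], outputs

def verify(digests, outputs, e, opened):
    """Check openings, recompute view e from view e+1 (inconsistent views fail), check output."""
    (view_e, r_e), (view_n, r_n) = opened
    for i, view, r in ((e, view_e, r_e), ((e + 1) % 3, view_n, r_n)):
        if commit(view, r) != digests[i] or view[1][-1] != outputs[i]:
            return False
    for g in range(len(CIRCUIT)):
        if view_e[1][N_W + g] != gate_share(g, view_e[1], view_e[0], view_n[1], view_n[0]):
            return False
    return outputs[0] ^ outputs[1] ^ outputs[2] == 1  # R(x, w) = 1 reconstructed

def zk_round(w, e):
    """One round: challenge e opens views e and e+1; soundness error 2/3, so repeat k times."""
    (views, rs), digests, outputs = prover_commit(w)
    return verify(digests, outputs, e, [(views[i], rs[i]) for i in (e, (e + 1) % 3)])
```

Two opened views never contain the third player's input shares, so they reveal nothing about w beyond R(x, w) = 1, which is the honest-but-curious privacy the abstract relies on; a dishonest prover must leave at least one inconsistent pair of views and is caught with probability at least 1/3 per round.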

MSC codes

  1. 68Q01

Keywords

  1. cryptography
  2. zero-knowledge
  3. secure computation
  4. black-box reductions

Published In

SIAM Journal on Computing
Pages: 1121 - 1152
ISSN (online): 1095-7111

History

Submitted: 14 February 2008
Accepted: 2 December 2008
Published online: 2 September 2009
